Identify a variety of security threats, Electrical Engineering

Each year the University computer society holds a „virtual fair? in Second Life in order to raise money for charity. The main attraction at the event is a lucky dip, where attendees pay a fee to enter, and in return receive a music track chosen randomly out of 50 possible tracks that are available on the day.

Some of the music tracks are good, but many of them are appalling covers of old pop songs from the eighties.

In previous years, there were accusations of bias against the fair organisers, and some attendees claimed that all of the best tracks had been given to the organisers? friends. Keen to avoid similar accusations this year, the organisers have decided to implement a fair lucky dip system based on the Oblivious Transfer Protocol they?ve learnt about in lectures.

The organisers have therefore given you the task of developing such a protocol, so that they can put it to use during the fair.

To do this, each of the 50 music tracks is to be encrypted with a different symmetric key. All of the encrypted tracks will be made publicly available and the keys handed out as prizes. You must therefore devise a system to allow people to „win? these 50 decryption keys.

The Oblivious Transfer Protocol from lectures allows a choice of only two messages. You must therefore extend this to allow the use of all 50 music track keys and then develop a protocol based on this.

The protocol must be demonstrably fair, so that the organisers can prove this in case there are further accusations of bias. All of this should be written up in a report so that the event organisers can understand and implement your protocol.

You are required to design and document a fair lucky dip system based on the Oblivious Transfer Protocol by completing and writing up your results from each of the following tasks.

1. Explain how the Oblivious Transfer Protocol works, based on the material provided in lectures and other published material. You should include a message exchange diagram that includes all of the messages sent between the two parties involved, the contents of the messages and the ordering in which they are sent.

2. Explain how the Oblivious Transfer Protocol can be extended to allow the use of 3 different messages. In other words, to allow it so that A sends 3 messages to B, but B ultimately receives only one of them at random. Again, you should include a complete message exchange diagram, as well as a detailed explanation.

3. Explain how the protocol can be extended from 3 to N messages, where N could be any number.

4. Explain how this new protocol (using up to 50 messages) can be used by the fair organisers to conduct their lucky dip as detailed in the outline of the problem above. You should explain how the protocol is fair, in order to prevent any accusations of bias.

You can make use of any standard cryptosystems in your design, but any other assumptions you make must be clearly documented.

Each of your protocols should be illustrated with a message exchange diagram indicating the messages sent between the various actors. Each of these messages - including their contents - should be detailed in full, with an explanation of the purpose and justification of each message. You should also provide a detailed justification of how your protocol satisfies the requirements.